<?php
class user {
	var $logged_in = false;
	var $session_id = null;
	var $logged_in_user_id = false;

	function user() {
		global $dbh;
		session_start();
		$this->session_id = md5($_SERVER["REMOTE_ADDR"].$_SERVER["HTTP_USER_AGENT"].session_id());
		if($result = $this->check_session()) {
			$this->update_session();
			$this->logged_in = true;
			$this->logged_in_user_id = $result;
		}
	}

	function login($username, $password) {
		global $dbh;
		$sth = $dbh->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
		$sth->execute(array($username, md5($password)));
		if ($sth->rowCount() == 0) {
			$sth = $dbh->prepare("SELECT * FROM users WHERE email = ? AND password = ?");
			$sth->execute(array($username, md5($password)));
			if ($sth->rowCount() == 0) {
			    return null;
			} else {
				$result = $sth->fetch(PDO::FETCH_ASSOC);
				$this->new_session($result['id']);
				return $result;
			}
		} else {
			$result = $sth->fetch(PDO::FETCH_ASSOC);
			$this->new_session($result['id']);
			return $result;
		}

	}

	function new_user($username, $email) {
		global $dbh;
		$state = 2; // STATE 2 is for registered but not logged in
		$sth = $dbh->prepare("INSERT INTO users (username, password, email, state) VALUES (?,?,?,?);");
		$password = substr(md5(rand()),0,8);
		if ($sth->execute(array($username,md5($password),$email,$state))) {
			if ($this->send_pass($username, $email, $password)) {
				return true;
			} else { 
				return false;
			}
		}

		return false;

	}


	function send_pass($username, $email, $password) {
		$template = new STE();
		$template->load('register_email');
		$variables['PASSWORD'] = $password;
		$variables['USERNAME'] = $username;
		global $site_url; // Ugly hack...
		$variables['SITE_URL'] = $site_url;
		$template->assign($variables);
		
		if ( mail($email, "Welcome to YouLoc", $template->display(), 'From: noreply@youloc.net' ) ) {
			return true;
		} else {
			return false;
		}
	}

	function user_exists($username, $email) {
		global $dbh;
		$sth = $dbh->prepare("SELECT * FROM users WHERE username = ? OR email = ?;");
		$sth->execute(array($username, $email));
		if ($sth->rowCount() == 0) {
			return false;
		} else {
			return true;
		}

	}

	function new_session($user_id) {
		global $dbh;
		if ($this->check_session()) {
			$this->update_session();
			return true;
		}
		$this->logged_in_user_id = $user_id;
		$sth = $dbh->prepare("INSERT INTO session (sessid, user_id, last_refreshed, remote_host) values(?,?,NOW(),?);");
		if($sth->execute(array($this->session_id, $user_id, $_SERVER["REMOTE_ADDR"]))) return true;
		else return false;
	}

	function update_session() {
		global $dbh;
		$sth = $dbh->prepare("UPDATE session SET last_refreshed = NOW() WHERE sessid = ?");
		if ($sth->execute(array($this->session_id))) return true;
		else return false;
	}


	function update_user_email($email) {
		global $dbh;
		$sth = $dbh->prepare("UPDATE users SET email = ? WHERE id = ?");
		if ($sth->execute(array($email, $this->logged_in_user_id))) return true;
		else return false;
	}

	function update_user_password($password) {
		global $dbh;
		$sth = $dbh->prepare("UPDATE users SET password = ? WHERE id = ?");
		if ($sth->execute(array(md5($password), $this->logged_in_user_id))) return true;
		else return false;
	}

	function check_session() {
		global $dbh;
		$sth = $dbh->prepare("SELECT * FROM session WHERE sessid = ?");
		$sth->execute(array($this->session_id));
		if ($sth->rowCount() == 0) {
			return false;
		} else {
			$result = $sth->fetch(PDO::FETCH_ASSOC);
			return $result['user_id'];
		}
	}
	
	function toggle_visibility() {
		global $dbh;
		$sth = $dbh->prepare("SELECT visibility FROM users WHERE id = ?");
		$sth->execute(array($this->logged_in_user_id));
		$result = $sth->fetch(PDO::FETCH_ASSOC);

		$new_visibility = ($result['visibility']+1) % 2;
		$sth = $dbh->prepare("UPDATE users SET visibility = ? WHERE id = ?");
		if ($sth->execute(array($new_visibility, $this->logged_in_user_id))) return true;
		else return false;
	}

	function logout() {
		global $dbh;
		$sth = $dbh->prepare("DELETE FROM session WHERE sessid = ?");
		$sth->execute(array($this->session_id));
		session_regenerate_id();
		session_destroy();
	}

	function info() {
		return sprintf("Logged in: %s<br />Session ID: %s", $this->logged_in, $this->session_id);
	}

	function info2() {
		return sprintf("Logged in %s<br>", var_dump($this->logged_in_user_id));
	}
}

?>
